TechTarget

PGP warns of firewall flaw

A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates, could allow attackers to gain...

A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates, could allow attackers to gain privileges on the device or access to the network protected by the firewall.

The vulnerability involves two components of the firewall that handle e-mails, PGP said. Both components are vulnerable to a buffer overflow attack in which a large amount of data is sent to them, causing an error in the system that could give an attacker access, the company said. The company has released a patch, which it describes as "mandatory".

Affected products are Gauntlet for Unix versions 5.x and higher, PGP e-ppliance 300 series version 1.0 and higher, PGP e-ppliance 1000 series versions 1.5 and 2.0, McAfee e-ppliance 100 and 120 series and McAfee WebShield for Solaris v4.1. For users with HP-UX Gauntlet 5.x systems, the patch will only work if HP-UX 11.0 or higher is installed or if patch PHCO_16723 has been applied, PGP said.

The flaw was discovered by Garrison Technologies

Patches for Gauntlet and the e-ppliance series can be found at: ftp://ftp.nai.com/pub/security/ and www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp/


Patches for the McAfee products are available at: www.mcfeeb2b.com.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close